Search form

Main menu

Domain Name System (DNS)

The Domain Name System (DNS) is a system for converting human-readable host names and domain names (like www.eff.org) into the machine-readable, numeric Internet Protocol (IP) address of a server or other device (like 64.147.188.3), which is used to point computers and other devices toward the correct servers on the Internet. At the heart of the system are the DNS servers that manage vast databases that map domain names to IP addresses.They are highly centralized, which makes them easy targets for Internet censors.

DNS makes it possible for users and computers to access different places or devices on the Internet without having to remember millions of different IP addresses and server locations themselves — basically, it is a directory for the Internet. When it is compromised or censored, users will have difficulty accessing certain sites and domains, unless, in some instances, they can use alternate DNS servers and proxies.

On a small scale, ISPs may choose to, or be ordered to, filter content, like pornography or websites accused of copyright infringement. ISPs do this by preventing DNS servers under their control from resolving users’ requests for a website to the proper IP address – the site is still there, but users can’t get to it be using the site’s domain name. This can prevent users from accessing lawful as well as unlawful speech, in part because it is often easier for ISPs and governments to prevent access to entire domain names, including lawful speech on rather than precisely block access to specific objectionable content.

Larger scale DNS censorship is common in countries like Iran and China whose governments use their control over Internet infrastructure to suppress material that they find objectionable, whether political speech or content they consider immoral. Many other countries, like Belgium and Norway, use less pervasive (but still questionable) DNS censorship schemes targeting sites that are allegedly used to distribute child pornography. Some countries, including the United States, are considering DNS blocking as a strategy for attacking intellectual property infringement.

DNS censorship strategies also cause a great deal of collateral damage. For example, in addition to impeding access to lawful speech, interfering with the DNS may cause security problems, in part because it will spur sites to switch to tunneling systems or untrustworthy DNS mechanisms.

Examples of Targeting the DNS

After Wikileaks released its cache of diplomatic documents in December 2010, its DNS provider EveryDNS.net stopped providing DNS resolution services for www.wikileaks.org, severely curbing Wikileaks’ ability to disseminate its documents to users seeking to access its website.